#!/bin/sh -e
#
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Generates the DNSSEC key material for the test zones listed below and,
# for most of them, appends a DS record for the zone's KSK to
# ../ns1/root.db.  The tools ($KEYGEN, $DSFROMKEY, $SIGNER, $IMPORTKEY) and
# the DEFAULT_* values come from conf.sh.
#
# NOTE(review): errexit is requested only through the shebang, so it is not
# in effect when a caller runs this file as "sh <script>" without -e.
#
# NOTE(review): most keys here are 1024-bit RSA with SHA-1 based algorithms.
# Those are test-fixture parameters and are weak for any real zone.
#
# $DSFROMKEY, $SIGNER and $IMPORTKEY are expanded unquoted exactly as
# before; conf.sh is not visible here, so it is unknown whether they may
# carry extra words.  $KEYGEN is quoted, matching its first use below.

SYSTEMTESTTOP=../..
. "${SYSTEMTESTTOP}/conf.sh"

# Fake an unsupported key: rewrite field 6 of the DNSKEY record (presumably
# the algorithm number, given the usual key-file layout) to 255.
unsupportedkey=$("$KEYGEN" -q -a "$DEFAULT_ALGORITHM" -b "$DEFAULT_BITS" -n zone unsupported)
awk '$3 == "DNSKEY" { $6 = 255 } { print }' "${unsupportedkey}.key" > "${unsupportedkey}.tmp"
mv "${unsupportedkey}.tmp" "${unsupportedkey}.key"

# Zones that get a fresh ZSK + KSK pair and a DS record, nothing else.
# keyname is assigned twice on purpose: only the second value (the KSK)
# is handed to $DSFROMKEY.
for zone in bits noixfr master dynamic; do
  rm -f "K${zone}".+*+*.key
  rm -f "K${zone}".+*+*.private
  keyname=$("$KEYGEN" -q -a RSASHA1 -b 1024 -n zone "$zone")
  keyname=$("$KEYGEN" -q -a RSASHA1 -b 1024 -n zone -f KSK "$zone")
  $DSFROMKEY -T 1200 "$keyname" >> ../ns1/root.db
done

# "updated" is signed first, then its unsigned zone file is replaced with
# master2.db.in.
zone=updated
rm -f "K${zone}".+*+*.key
rm -f "K${zone}".+*+*.private
keyname=$("$KEYGEN" -q -a RSASHA1 -b 1024 -n zone "$zone")
keyname=$("$KEYGEN" -q -a RSASHA1 -b 1024 -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >> ../ns1/root.db
$SIGNER -S -O raw -L 2000042407 -o "$zone" "${zone}.db" > /dev/null
cp master2.db.in updated.db

# signatures are expired and should be regenerated on startup
# (the -s/-e values passed to $SIGNER lie entirely in 2010-2011).
zone=expired
rm -f "K${zone}".+*+*.key
rm -f "K${zone}".+*+*.private
keyname=$("$KEYGEN" -q -a RSASHA1 -b 1024 -n zone "$zone")
keyname=$("$KEYGEN" -q -a RSASHA1 -b 1024 -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >> ../ns1/root.db
$SIGNER -PS -s 20100101000000 -e 20110101000000 -O raw -L 2000042407 -o "$zone" "${zone}.db" > /dev/null

zone=retransfer
rm -f "K${zone}".+*+*.key
rm -f "K${zone}".+*+*.private
keyname=$("$KEYGEN" -q -a RSASHA1 -b 1024 -n zone "$zone")
keyname=$("$KEYGEN" -q -a RSASHA1 -b 1024 -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >> ../ns1/root.db

# "nsec3" gets a KSK only; no ZSK is generated for it here.
zone=nsec3
rm -f "K${zone}".+*+*.key
rm -f "K${zone}".+*+*.private
keyname=$("$KEYGEN" -q -a NSEC3RSASHA1 -b 1024 -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >> ../ns1/root.db

zone=retransfer3
rm -f "K${zone}".+*+*.key
rm -f "K${zone}".+*+*.private
keyname=$("$KEYGEN" -q -a NSEC3RSASHA1 -b 1024 -n zone "$zone")
keyname=$("$KEYGEN" -q -a NSEC3RSASHA1 -b 1024 -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >> ../ns1/root.db

# "inactiveksk": the NSEC3RSASHA1 KSK is created with -P now -A now+3600;
# the DS record is made from the RSASHA256 KSK generated last.
zone=inactiveksk
rm -f "K${zone}".+*+*.key
rm -f "K${zone}".+*+*.private
keyname=$("$KEYGEN" -q -a NSEC3RSASHA1 -b 1024 -n zone "$zone")
keyname=$("$KEYGEN" -q -a NSEC3RSASHA1 -b 1024 -n zone -P now -A now+3600 -f KSK "$zone")
keyname=$("$KEYGEN" -q -a RSASHA256 -b 1024 -n zone "$zone")
keyname=$("$KEYGEN" -q -a RSASHA256 -b 1024 -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >> ../ns1/root.db

# "inactivezsk": same layout, but here the NSEC3RSASHA1 ZSK carries the
# -P now -A now+3600 timing options.
zone=inactivezsk
rm -f "K${zone}".+*+*.key
rm -f "K${zone}".+*+*.private
keyname=$("$KEYGEN" -q -a NSEC3RSASHA1 -b 1024 -n zone -P now -A now+3600 "$zone")
keyname=$("$KEYGEN" -q -a NSEC3RSASHA1 -b 1024 -n zone -f KSK "$zone")
keyname=$("$KEYGEN" -q -a RSASHA256 -b 1024 -n zone "$zone")
keyname=$("$KEYGEN" -q -a RSASHA256 -b 1024 -n zone -f KSK "$zone")
$DSFROMKEY -T 1200 "$keyname" >> ../ns1/root.db

zone=delayedkeys
rm -f "K${zone}".+*+*.key
rm -f "K${zone}".+*+*.private
keyname=$("$KEYGEN" -q -a RSASHA1 -b 1024 -n zone "$zone")
keyname=$("$KEYGEN" -q -a RSASHA1 -b 1024 -n zone -f KSK "$zone")
# Keys for the "delayedkeys" zone should not be initially accessible.
mv "K${zone}".+*+*.* ../

# Key pairs only; no DS record is appended for these two zones.
for zone in removedkeys-primary removedkeys-secondary; do
  rm -f "K${zone}".+*+*.key
  rm -f "K${zone}".+*+*.private
  keyname=$("$KEYGEN" -q -a RSASHA1 -b 1024 -n zone "$zone")
  keyname=$("$KEYGEN" -q -a RSASHA1 -b 1024 -n zone -f KSK "$zone")
done

# test-* zones: existing key files are not removed first.
# This group gets a ZSK only.
for suffix in a c d h k l m q z; do
  zone="test-${suffix}"
  keyname=$("$KEYGEN" -q -a RSASHA1 -b 1024 -n zone "$zone")
done

# This group gets a ZSK and a KSK.
for suffix in b f i o p t v; do
  zone="test-${suffix}"
  keyname=$("$KEYGEN" -q -a RSASHA1 -b 1024 -n zone "$zone")
  keyname=$("$KEYGEN" -q -a RSASHA1 -b 1024 -n zone -f KSK "$zone")
done

zone=externalkey
rm -f "K${zone}".+*+*.key
rm -f "K${zone}".+*+*.private

for alg in ECDSAP256SHA256 NSEC3RSASHA1; do
  # Generation order is kept as KSK, ZSK, ZSK, KSK; the first two become
  # external keys and the DS record comes from the last KSK.
  ext_ksk=$("$KEYGEN" -q -a "$alg" -b 1024 -n zone -f KSK "$zone")
  ext_zsk=$("$KEYGEN" -q -a "$alg" -b 1024 -n zone "$zone")
  zsk=$("$KEYGEN" -q -a "$alg" -b 1024 -n zone "$zone")
  ksk=$("$KEYGEN" -q -a "$alg" -b 1024 -n zone -f KSK "$zone")
  $DSFROMKEY -T 1200 "$ksk" >> ../ns1/root.db

  # Convert the first KSK and ZSK into External Keys: drop the private
  # half and re-import the public half through the fixed scratch name
  # "a-file" in the current directory (overwritten on every use).
  #
  # NOTE(review): an $IMPORTKEY failure is only reported on stdout; its own
  # output is discarded and the script carries on with a zero status, so a
  # broken import does not stop the setup.
  rm -f "${ext_ksk}.private"
  mv "${ext_ksk}.key" a-file
  $IMPORTKEY -P now -D now+3600 -f a-file "$zone" > /dev/null 2>&1 \
    || echo "importkey failed: $alg"
  rm -f "${ext_zsk}.private"
  mv "${ext_zsk}.key" a-file
  $IMPORTKEY -f a-file "$zone" > /dev/null 2>&1 \
    || echo "importkey failed: $alg"
done